CVE-2010-4040

Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://code.google.com/p/chromium/issues/detail?id=54500	Exploit Issue Tracking Mailing List Vendor Advisory
http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html	Release Notes Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	Mailing List Third Party Advisory
http://secunia.com/advisories/41888	Broken Link
http://secunia.com/advisories/43068	Broken Link
http://www.debian.org/security/2011/dsa-2188	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039	Broken Link
http://www.securityfocus.com/bid/44241	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2010/2731	Not Applicable
http://www.vupen.com/english/advisories/2011/0212	Not Applicable
http://www.vupen.com/english/advisories/2011/0552	Not Applicable
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7646	Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=54500	Exploit Issue Tracking Mailing List Vendor Advisory
http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html	Release Notes Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	Mailing List Third Party Advisory
http://secunia.com/advisories/41888	Broken Link
http://secunia.com/advisories/43068	Broken Link
http://www.debian.org/security/2011/dsa-2188	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039	Broken Link
http://www.securityfocus.com/bid/44241	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2010/2731	Not Applicable
http://www.vupen.com/english/advisories/2011/0212	Not Applicable
http://www.vupen.com/english/advisories/2011/0552	Not Applicable
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7646	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:6.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*

Configuration 3 (hide)

cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:20

Type	Values Removed	Values Added
References	~~() http://code.google.com/p/chromium/issues/detail?id=54500 - Exploit, Issue Tracking, Mailing List, Vendor Advisory~~	() http://code.google.com/p/chromium/issues/detail?id=54500 - Exploit, Issue Tracking, Mailing List, Vendor Advisory
References	~~() http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html - Release Notes, Vendor Advisory~~	() http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html - Release Notes, Vendor Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html - Mailing List, Third Party Advisory
References	~~() http://secunia.com/advisories/41888 - Broken Link~~	() http://secunia.com/advisories/41888 - Broken Link
References	~~() http://secunia.com/advisories/43068 - Broken Link~~	() http://secunia.com/advisories/43068 - Broken Link
References	~~() http://www.debian.org/security/2011/dsa-2188 - Third Party Advisory~~	() http://www.debian.org/security/2011/dsa-2188 - Third Party Advisory
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 - Broken Link~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 - Broken Link
References	~~() http://www.securityfocus.com/bid/44241 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/44241 - Third Party Advisory, VDB Entry
References	~~() http://www.vupen.com/english/advisories/2010/2731 - Not Applicable~~	() http://www.vupen.com/english/advisories/2010/2731 - Not Applicable
References	~~() http://www.vupen.com/english/advisories/2011/0212 - Not Applicable~~	() http://www.vupen.com/english/advisories/2011/0212 - Not Applicable
References	~~() http://www.vupen.com/english/advisories/2011/0552 - Not Applicable~~	() http://www.vupen.com/english/advisories/2011/0552 - Not Applicable
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7646 - Third Party Advisory~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7646 - Third Party Advisory

Information

Published : 2010-10-21 19:00

Updated : 2024-11-21 01:20

NVD link : CVE-2010-4040

Mitre link : CVE-2010-4040

CVE.ORG link : CVE-2010-4040

JSON object : View

Products Affected

debian

debian_linux

opensuse

opensuse

google

chrome

CWE

CWE-20

Improper Input Validation

7.8 /10